This release provides support for configuring enabled SSL protocols and cipher suites. This work was motivated by the poddle vulnerability, solved in v. 3.3.0 by disabling support for SSLv3. It turns out, however, that some older clients (e.g., mkgridmap) will stop working with SSLv3 disabled, so this release:
SSLv3 can be disabled by editing the
/etc/voms-admin/voms-admin-server.properties configuration file to set the
tls_exclude_protocols property as follows:
# Comma-separated list of disabled protocols tls_exclude_protocols=SSLv3
Follow the instructions in the VOMS System Administrator Guide.
The upgrade requires a service restart. After the packages have been updated, run the following commands:
service voms-admin stop service voms-admin undeploy service voms-admin start
Upgrading to this version requires an upgrade of the database and a reconfiguration depending on the version of VOMS admin which is being upgraded. Follow the instructions in the VOMS System Administrator Guide.
|Upgrade from||Actions required|
|v. 3.1.0||db upgrade|
|v. 2.7.0||db upgrade reconfiguration|